Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / ea144b037776e892b9e05c4d22be842901e2138c / . / meta-arm / meta-arm / recipes-bsp / trusted-firmware-a / trusted-firmware-a.inc
blob: b0533a1e1092442cbd4e40fbd834a0af55f8c292 [file] [log] [blame]
Brad Bishopbec4ebc2022-08-03 09:55:16 -0400[diff] [blame]1DESCRIPTION = "Trusted Firmware-A"
2LICENSE = "BSD-3-Clause & MIT"
3
4PACKAGE_ARCH = "${MACHINE_ARCH}"
5
6inherit deploy
7
Andrew Geisslerea144b032023-01-27 16:03:57 -0600[diff] [blame^]8SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https"
9SRCBRANCH = "master"
10SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};name=tfa;branch=${SRCBRANCH}"
Brad Bishopbec4ebc2022-08-03 09:55:16 -0400[diff] [blame]11
12UPSTREAM_CHECK_GITTAGREGEX = "^v(?P<pver>\d+(\.\d+)+)$"
13
14SRCREV_FORMAT = "tfa"
15
16COMPATIBLE_MACHINE ?= "invalid"
17
18# Platform must be set for each machine
19TFA_PLATFORM ?= "invalid"
20
21# Some platforms can have multiple board configurations
22# Leave empty for default behavior
23TFA_BOARD ?= ""
24
25# Some platforms use SPD (Secure Payload Dispatcher) services
26# Few options are "opteed", "tlkd", "trusty", "tspd", "spmd"...
27# Leave empty to not use SPD
28TFA_SPD ?= ""
29
30# Variable used when TFA_SPD=spmd
31TFA_SPMD_SPM_AT_SEL2 ?= "1"
32
33# SP layout file location. Used when TFA_SPD=spmd and TFA_SPMD_SPM_AT_SEL2=1
34TFA_SP_LAYOUT_FILE ?= ""
35
36# SPMC manifest file location. Used when TFA_SPD=spmd and TFA_SPMD_SPM_AT_SEL2=1
37TFA_ARM_SPMC_MANIFEST_DTS ?= ""
38
39# Build for debug (set TFA_DEBUG to 1 to activate)
40TFA_DEBUG ?= "0"
41
42S = "${WORKDIR}/git"
43B = "${WORKDIR}/build"
44
45# mbed TLS support (set TFA_MBEDTLS to 1 to activate)
46TFA_MBEDTLS ?= "0"
47# sub-directory in which mbedtls will be downloaded
48TFA_MBEDTLS_DIR ?= "mbedtls"
49# This should be set to MBEDTLS download URL if MBEDTLS is needed
50SRC_URI_MBEDTLS ??= ""
51# This should be set to MBEDTLS LIC FILES checksum
52LIC_FILES_CHKSUM_MBEDTLS ??= ""
53# add MBEDTLS to our sources if activated
54SRC_URI:append = " ${@bb.utils.contains('TFA_MBEDTLS', '1', '${SRC_URI_MBEDTLS}', '', d)}"
55# Update license variables
56LICENSE:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', ' & Apache-2.0', '', d)}"
57LIC_FILES_CHKSUM:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', ' ${LIC_FILES_CHKSUM_MBEDTLS}', '', d)}"
58# add mbed TLS to version
59SRCREV_FORMAT:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', '_mbedtls', '', d)}"
60
61# U-boot support (set TFA_UBOOT to 1 to activate)
62# When U-Boot support is activated BL33 is activated with u-boot.bin file
63TFA_UBOOT ??= "0"
64
65# UEFI support (set TFA_UEFI to 1 to activate)
66# When UEFI support is activated BL33 is activated with uefi.bin file
67TFA_UEFI ??= "0"
68
69# What to build
70# By default we only build bl1, do_deploy will copy
71# everything listed in this variable (by default bl1.bin)
72TFA_BUILD_TARGET ?= "bl1"
73
74# What to install
75# do_install and do_deploy will install everything listed in this
76# variable. It is set by default to TFA_BUILD_TARGET
77TFA_INSTALL_TARGET ?= "${TFA_BUILD_TARGET}"
78
79# Requires CROSS_COMPILE set by hand as there is no configure script
80export CROSS_COMPILE="${TARGET_PREFIX}"
81
82# Let the Makefile handle setting up the CFLAGS and LDFLAGS as it is a standalone application
83CFLAGS[unexport] = "1"
84LDFLAGS[unexport] = "1"
85AS[unexport] = "1"
86LD[unexport] = "1"
87
88# No configure
89do_configure[noexec] = "1"
90
91# Baremetal, just need a compiler
92DEPENDS:remove = "virtual/${TARGET_PREFIX}compilerlibs virtual/libc"
93
94# We need dtc for dtbs compilation
95# We need openssl for fiptool
96DEPENDS = "dtc-native openssl-native"
97DEPENDS:append:toolchain-clang = " compiler-rt"
98
99# CC and LD introduce arguments which conflict with those otherwise provided by
100# this recipe. The heads of these variables excluding those arguments
101# are therefore used instead.
102def remove_options_tail (in_string):
103 from itertools import takewhile
104 return ' '.join(takewhile(lambda x: not x.startswith('-'), in_string.split(' ')))
105
106EXTRA_OEMAKE += "LD=${@remove_options_tail(d.getVar('LD'))}"
107
108EXTRA_OEMAKE += "CC=${@remove_options_tail(d.getVar('CC'))}"
109
110# Verbose builds, no -Werror
111EXTRA_OEMAKE += "V=1 E=0"
112
113# Add platform parameter
114EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}"
115
116# Handle TFA_BOARD parameter
117EXTRA_OEMAKE += "${@'TARGET_BOARD=${TFA_BOARD}' if d.getVar('TFA_BOARD') else ''}"
118
119# Handle TFA_SPD parameter
120EXTRA_OEMAKE += "${@'SPD=${TFA_SPD}' if d.getVar('TFA_SPD') else ''}"
121
122# If TFA_SPD is spmd, set SPMD_SPM_AT_SEL2
123EXTRA_OEMAKE += "${@'SPMD_SPM_AT_SEL2=${TFA_SPMD_SPM_AT_SEL2}' if d.getVar('TFA_SPD', True) == 'spmd' else ''}"
124
125# Handle TFA_DEBUG parameter
126EXTRA_OEMAKE += "${@bb.utils.contains('TFA_DEBUG', '1', 'DEBUG=${TFA_DEBUG}', '', d)}"
127
128# Handle MBEDTLS
129EXTRA_OEMAKE += "${@bb.utils.contains('TFA_MBEDTLS', '1', 'MBEDTLS_DIR=${TFA_MBEDTLS_DIR}', '', d)}"
130
131# Uboot support
132DEPENDS += " ${@bb.utils.contains('TFA_UBOOT', '1', 'u-boot', '', d)}"
133do_compile[depends] += " ${@bb.utils.contains('TFA_UBOOT', '1', 'u-boot:do_deploy', '', d)}"
134EXTRA_OEMAKE += "${@bb.utils.contains('TFA_UBOOT', '1', 'BL33=${DEPLOY_DIR_IMAGE}/u-boot.bin', '', d)}"
135
136# UEFI support
137DEPENDS += " ${@bb.utils.contains('TFA_UEFI', '1', 'edk2-firmware', '', d)}"
138EXTRA_OEMAKE += "${@bb.utils.contains('TFA_UEFI', '1', 'BL33=${RECIPE_SYSROOT}/firmware/uefi.bin', '', d)}"
139
140# TFTF test support
141DEPENDS += " ${@bb.utils.contains('TFTF_TESTS', '1', 'tf-a-tests', '', d)}"
142EXTRA_OEMAKE += "${@bb.utils.contains('TFTF_TESTS', '1', 'BL33=${RECIPE_SYSROOT}/firmware/tftf.bin', '',d)}"
143
144# Hafnium support
145SEL2_SPMC = "${@'${TFA_SPMD_SPM_AT_SEL2}' if d.getVar('TFA_SPD', True) == 'spmd' else ''}"
146
147DEPENDS += " ${@bb.utils.contains('SEL2_SPMC', '1', 'hafnium', '', d)}"
148
149EXTRA_OEMAKE += "${@bb.utils.contains('SEL2_SPMC', '1', 'CTX_INCLUDE_EL2_REGS=1 ARM_ARCH_MINOR=4 BL32=${RECIPE_SYSROOT}/firmware/hafnium.bin', '', d)}"
150
151# Add SP layout file and spmc manifest for hafnium
152EXTRA_OEMAKE += "${@bb.utils.contains('SEL2_SPMC', '1', 'SP_LAYOUT_FILE=${TFA_SP_LAYOUT_FILE}' if d.getVar('TFA_SP_LAYOUT_FILE') else '', '', d)}"
153
154EXTRA_OEMAKE += "${@bb.utils.contains('SEL2_SPMC', '1', 'ARM_SPMC_MANIFEST_DTS=${TFA_ARM_SPMC_MANIFEST_DTS}' if d.getVar('TFA_ARM_SPMC_MANIFEST_DTS') else '', '', d)}"
155
156# Tell the tools where the native OpenSSL is located
157EXTRA_OEMAKE += "OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}"
158# Use the correct native compiler
159EXTRA_OEMAKE += "HOSTCC='${BUILD_CC}'"
160
161# Runtime variables
162EXTRA_OEMAKE += "RUNTIME_SYSROOT=${STAGING_DIR_HOST}"
163
164BUILD_DIR = "${B}/${TFA_PLATFORM}"
165BUILD_DIR .= "${@'/${TFA_BOARD}' if d.getVar('TFA_BOARD') else ''}"
166BUILD_DIR .= "/${@'debug' if d.getVar("TFA_DEBUG") == '1' else 'release'}"
167
168do_compile() {
169 # This is still needed to have the native tools executing properly by
170 # setting the RPATH
171 sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile
172 sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile
173 sed -i '/^LIB/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/cert_create/Makefile
174
175 # Currently there are races if you build all the targets at once in parallel
176 for T in ${TFA_BUILD_TARGET}; do
177 oe_runmake -C ${S} $T
178 done
179}
180do_compile[cleandirs] = "${B}"
181
182do_install() {
183 install -d -m 755 ${D}/firmware
184 for atfbin in ${TFA_INSTALL_TARGET}; do
185 processed="0"
186 if [ "$atfbin" = "all" ]; then
187 # Target all is not handled by default
188 bberror "all as TFA_INSTALL_TARGET is not handled by do_install"
189 bberror "Please specify valid targets in TFA_INSTALL_TARGET or"
190 bberror "rewrite or turn off do_install"
191 exit 1
192 fi
193
194 if [ -f ${BUILD_DIR}/$atfbin.bin ]; then
195 echo "Install $atfbin.bin"
196 install -m 0644 ${BUILD_DIR}/$atfbin.bin \
197 ${D}/firmware/$atfbin-${TFA_PLATFORM}.bin
198 ln -sf $atfbin-${TFA_PLATFORM}.bin ${D}/firmware/$atfbin.bin
199 processed="1"
200 fi
201 if [ -f ${BUILD_DIR}/$atfbin/$atfbin.elf ]; then
202 echo "Install $atfbin.elf"
203 install -m 0644 ${BUILD_DIR}/$atfbin/$atfbin.elf \
204 ${D}/firmware/$atfbin-${TFA_PLATFORM}.elf
205 ln -sf $atfbin-${TFA_PLATFORM}.elf ${D}/firmware/$atfbin.elf
206 processed="1"
207 fi
208 if [ -f ${BUILD_DIR}/$atfbin ]; then
209 echo "Install $atfbin"
210 install -m 0644 ${BUILD_DIR}/$atfbin \
211 ${D}/firmware/$atfbin-${TFA_PLATFORM}
212 ln -sf $atfbin-${TFA_PLATFORM} ${D}/firmware/$atfbin
213 processed="1"
214 fi
215 if [ -f ${BUILD_DIR}/fdts/$atfbin.dtb ]; then
216 echo "Install $atfbin.dtb"
217 install -m 0644 "${BUILD_DIR}/fdts/$atfbin.dtb" \
218 "${D}/firmware/$atfbin.dtb"
219 processed="1"
220 elif [ "$atfbin" = "dtbs" ]; then
221 echo "dtbs install, skipped: set dtbs in TFA_INSTALL_TARGET"
222 elif [ -f ${B}/tools/$atfbin/$atfbin ]; then
223 echo "Tools $atfbin install, skipped"
224 elif [ "$processed" = "0" ]; then
225 bberror "Unsupported TFA_INSTALL_TARGET target $atfbin"
226 exit 1
227 fi
228 done
229}
230
231FILES:${PN} = "/firmware"
232SYSROOT_DIRS += "/firmware"
233
234FILES:${PN}-dbg = "/firmware/*.elf"
235# Skip QA check for relocations in .text of elf binaries
236INSANE_SKIP:${PN}-dbg += "textrel"
237# Build paths are currently embedded
238INSANE_SKIP:${PN} += "buildpaths"
239INSANE_SKIP:${PN}-dbg += "buildpaths"
240
241do_deploy() {
242 cp -rf ${D}/firmware/* ${DEPLOYDIR}/
243}
244addtask deploy after do_install
245
246CVE_PRODUCT = "arm:arm-trusted-firmware \
247 arm:trusted_firmware-a \
248 arm:arm_trusted_firmware \
249 arm_trusted_firmware_project:arm_trusted_firmware"